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DETAILED ACTION 

1. Claims 1-21 have been examined. 

Claim Objections 

2. Claim 9 is objected to because of the following informalities: "the user" in claim 9 
lacks antecedent basis. Appropriate correction is required. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-3, 5, 8-12, 14 and 16-21 are rejected under 35 U.S.C. 103(a) as 
unpatentable over Applicant Admitted Prior Art (AAPA) in view of Brownell (USPN 
6965994). 

As per claims 1 and 16, AAPA discloses saving a firmware update application and 
firmware, restarting the computer system, causing the computer system to recognize 
that a firmware update is available, locating the firmware update application and the 
firmware, and initiating the firmware update application (the specification, pg. 2 lines 
15-23). 

4. AAPA does not explicitly disclose saving the firmware update application to the 
computer system. However, saving the firmware update application to the computer 
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system, if not inherent, would have been at least implicit. In order to save data into a 
diskette, as shown by AAPA, the diskette must be placed into a computer system. 
(This concept of saving data into a diskette that is a part of the computer system is 
old and well-known as illustrated by Abit.) Furthermore, in order for a computer 
system to be able to run a computer application (or any computer code) the 
application must be saved (stored at least temporary) in Random Access Memory of 
the computer system. 

5. AAPA does not disclose verifying that the firmware update application has the 
authority to perform activity (e.g. to perform the firmware update). 

Brownell (USPN 6965994) discloses verifying an application authorization to perform 
particular activity (Brownell, col. 2 lines 23-33). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to verify that the firmware 
update application has the authority to perform activity (such as to perform the 
firmware update). One of ordinary skill in the art would have been motivated to 
perform such a modification in order to significantly enhance security. 

6. The authorization of the application disclosed by Brownell includes encrypting and 
decrypting validation data associated with the application (corresponding to the 
firmware update application) and the associated module (the firmware, see. Col. 5 
line 1- line 6 line 35. However, note that col. 7-8 further discusses the 
encrypting/decrypting of validation data). 



Application/Control Number: 10/806,562 Page 4 

Art Unit: 2134 

7. As per claims 2 and 1 8, Brownell discloses that the step of determining whether the 
application has access to a predetermined encryption key (e.g. Brownell, col. 6 lines 
41-48, for example). 

8. As per claims 3 and 10-11, Brownell discloses encrypting a token with a 
predetermine encryption key, the result being a first encrypted token, providing the 
uncrypted token to the application, encrypting the token at the application, the result 
being a second encrypted token, comparing the first encrypted token and the second 
encrypted token, and allowing the application to run if the first encrypted token 
matches the second encrypted token (e.g. col. 8 line 41 - col. 10 line 10). 

9. The limitations of claims 5, 14 and 17 are implicit. Computer programs that verify 
particular conditions (e.g. whether a program is authorized) act based on a found 
result (e.g. was the condition met? This is frequently done by using Boolean 
operators (True/False), see Wikipedia for example). The result reads on a flag. 

10. As per claims 8 and 20, using the firmware update application that is DOS-based 
application is an obvious variation that is well known in the art (e.g. Abit). One would 
have been motivated to use DOS-based firmware update applications especially in 
light of the benefits of these firmware updates as evidenced by their commercial 
success. 

1 1 .As per claim 9 and 21 , AAPA in view Brownell does not disclose verifying that the 
user is authorized to update the target device. 

However, verifying that a user is authorized to conduct any updates on a particular 
device (e.g. firmware updates) is old and well-known in the art of computer security. 
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(Typical systems (e.g. computers running Windows based OS) utilize access 
controls on their files systems and access to particular files (e.g. configuration files) 
is restricted to only special groups (e.g. administrator). When an access to a file 
(e.g. write/change) is requested the system verifies that the user has sufficient 
privileges to perform action on this file. Note, that in addition to file permissions, 
Windows OS also utilizes users rights that also restrict users to only a particular set 
of activities. For more information see Windows NT or Windows 2000). It would 
have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to include authorization of a user. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to ensure the computer 
system security and integrity. 

12. As per claim 12, verifying a user provided password is the primary mechanism of the 
user authentication in computer systems, such as previously discussed Windows OS 
(see Windows, "The Log-On Process"). 

13. As per claim 19, the examiner considers a password, which is associated with the 
user verified to be authorized to implement updates, to read on an administrative 
password. 

14. Claim 2 is rejected under 35 U.S.C. 103(a) as unpatentable over Applicant Admitted 
Prior Art (AAPA) in view of Brownell (USPN 6965994) and further in view of 
Freeman (USPUB 20040006700). 

AAPA in view of Brownell discloses performing a firmware update comprising 
verifying that the firmware update application has the authority to perform the 
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firmware update by determining whether the firmware update application has access 
to a predetermined encryption key. 
15. AAPA in view of Brownell do not disclose that the predetermined encryption key is 
. maintained by the BIOS of the computer system. 
Freeman discloses a predetermined encryption key maintained a BIOS of a 
computer system that is used in verify authority of an application (instructions 
executed to initiate system attribute modification for the computer system, [0021- 
0026]). It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to include Freeman's invention to maintain the predetermined 
encryption key, used in verifying authority of the application, in a BIOS of a computer 
system. One of ordinary skill in the art would have been motivated to perform such a 
modification in order to ensure that the application's authenticity. 

Conclusion 

Claims 6-7, 13 and 15 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is 
(571) 272-3840. The examiner can normally be reached Monday through 
Thursday from 9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 
3:30 p.m. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone 
number for the organization where this application or proceeding is assigned 
is (571)273-8300. 

Information regarding the status of an application may be obtained from the 



Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see 
http://pair-direct.uspto.gov. Should you have questions on access to the 
Private PAIR system, contact the Electronic Business Center (EBC) at 866- 
217-9197 (toll-free). 




